The US National Security Agency recommends mobile users to increase security

In today's digital age, mobile phones have become an indispensable part of everyone's life. However, besides the conveniences they bring, mobile phones also pose many security risks. Therefore, ensuring the safety of mobile phones is extremely important.

Users should restart their mobile phones weekly to increase security.

In a document detailing best practices for mobile phone security, the NSA recommended that users turn their mobile phones off and then back on every week to protect against zero-click attacks. Zero-click vulnerabilities are often used by attackers to eavesdrop and collect data from phones.

A zero-click vulnerability is a dangerous type of security flaw in software that allows an attacker to compromise a user's device without the user having to take any action, such as clicking a link or opening an attachment. An attacker can exploit this vulnerability to install malware, steal data, or take control of a user's device.

An attacker can exploit the vulnerability remotely without user interaction. This makes zero-click vulnerabilities much more dangerous than other types of vulnerabilities, as there is no opportunity for the user to detect or prevent the attack.

Additionally, turning your mobile phone off and on again can also mitigate the threat of highly targeted email phishing attacks against specific individuals or organizations (spear-phishing attacks). Unlike regular phishing attacks, spear-phishing attacks are more sophisticated and personalized to trick victims into believing they are receiving a legitimate email from a trusted person or organization.

However, the NSA document also warns that turning off and on a mobile phone sometimes only partially prevents these attacks from succeeding, and is not an absolute safety measure.

“Mobile threats are becoming more prevalent, increasing in both scale and complexity,” the National Security Agency said. “Some smartphone features, while convenient, come at the expense of security. Mobile users should take steps to proactively secure their devices and data.”

It's important to note that these recommendations are not a silver bullet for all security issues. While they're helpful general recommendations, turning your device off and back on again won't work against many more advanced malware and spyware threats that are programmed to reload upon reboot.

In fact, restarting the mobile phone is also a method that many users often use as a simple way to refresh the system after a long period of continuous operation, clean up all background applications and cache to help the phone run smoother. Restarting the phone also helps solve some problems related to mobile signals, helping to get better signals.

You should turn off Bluetooth connection when not in use, do not use public Wi-Fi networks and public charging stations, etc.

The NSA also recommends that mobile phone users turn off Bluetooth when not in use, update their devices as soon as possible when new operating system and application updates are available, and turn off location services when not needed.

As we can see, much of the advice comes down to a trade-off between security and convenience. Additionally, the NSA recommends against using public Wi-Fi and public charging stations, even though many security experts believe the risk is quite low in most real-world use cases. This may be an inconvenience for many smartphone users.

When it comes to public Wi-Fi, there is a difference between potential risks and the actual risks users face. While hackers can exploit unsecured networks for malicious purposes, this usually involves tricking unsuspecting users into connecting to their own Wi-Fi hotspot instead of the one provided by a train station, airport, or coffee shop.

This is a type of Wi-Fi network attack in which the attacker uses a fake Wi-Fi access point with the same or similar name to the legitimate Wi-Fi network that the user intends to connect to. Thus, when the user intends to connect to the legitimate Wi-Fi network, they are inadvertently connected to the fake Wi-Fi access point created by the cybercriminal.

To stay safe in public, the UK's National Cyber ​​Security Centre (NCSC) also recommends that users connect to 4G or 5G mobile networks, as they have built-in security features. Users can also use the tethering feature on most mobile devices to connect their laptop to their smartphone's network, which is useful when performing sensitive activities such as online banking.

Additionally, the NSA recommends that users use a “strong” PIN or lock screen password, with at least 6 characters, and that the phone be set to automatically erase data after 10 incorrect entries and automatically lock after 5 minutes of inactivity.

Cybersecurity expert Oliver Page, CEO of Cybernut (UK) Cybersecurity Company, said that users should create strong, unique passwords for each account using a password manager and avoid using common phrases as well as reusing passwords across multiple accounts.

The NSA further warns that opening email attachments and links, even if the sender appears legitimate, is a bad idea, as they can easily inadvertently transmit malicious content or have their accounts compromised. Oliver Page also recommends that users learn to recognize phishing attempts by checking the sender's email address, verifying the website address, and reviewing the email content for signs of tampering.

And the recommendations of the US Federal Communications Commission

In addition to the recommendations issued by the NSA, the Federal Communications Commission (FCC), an independent agency of the U.S. government, has also issued a number of practical security recommendations for smartphone users. While some of the FCC's recommendations overlap with those of other government and law enforcement agencies, there are a few points worth noting.

Do not change your smartphone's default security settings:According to the FCC, interfering with a phone's factory settings, such as jailbreaking or directly interfering with the system to gain privileged access (rooting), weakens the built-in security features provided by mobile service providers and smartphone manufacturers, making the device more vulnerable to attack.

Be careful when granting permissions to apps:The FCC warns that understanding app permissions is important because they can be used to bypass certain security features. While modern mobile operating systems have made these permissions more transparent, it is still important to be aware of potential dangers. According to the FCC, users should be cautious when granting apps access to personal information on their phones or allowing apps to perform functions on their mobile phones.

Set up remote access disablement and remote data wipe for mobile phones:By setting up remote access disablement and remote data wipe, users can protect their phones from unauthorized access and protect their personal data in case of loss or theft.

Wipe data and factory reset before selling or discarding phone:Finally, always wipe data from the user's mobile phone and restore factory settings before selling or discarding the phone to ensure important data does not fall into the hands of others.